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DD/S 79-3019 


24 JUL 1970 


MEMORANDUM FOR: Director of Security 


SUBJECT : Inspector General's Recommendation Concerning 
ADP Security 


1, There is attached an extract of the memorandum to the Executive 
Director -Comptroller in response to the recommiendations in the Inspector 
General's Survey of OCS involving the Support Directorate. This extract 
is the comment on Recommendation No, 9 regarding the Agency's ADP 
security effort, the substance of which is based on our Conversations and 
on the memorandum on this subject you sent to me on 20 July 1970. 


2. The measures you have proposed in order to augment the Office 
of Security's effort in this field are responsive to the Inspector General's 
recommendation, Please take necessary steps in order to implement the 
Proposed changes. I would be interested in hearing what plans your Office 
has to bring about a coordinated Agency program in the area of ADP security. 


Slatted R. 1. Bannerman 
R. L. Bannerman 
Deputy Director 

for Support . 
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SECRET 


DD/S 70-2976 


&2 Jur 1970. 
MEMORANDUM FOR: Executive Director-Comptroller a 


EXTRACT 


"Recommendation No. 9 


That OCS and OS review their ADP security manpower requirements 
and develop measures to insure the secure, compartmented use of the OCS 
time-sharing 360/67 system both for CIA internal needs and for potential! 
COINS application. 


Action or Comment 


Members of the Office of Security have discussed security manpower 
requirements and ways of improving the Agency's ADP security effort with 
the Acting Director of Computer Services Based on this review and on 

' discussions with the Director of Security, he is prepared to take the following 
measures: 


a. The OS unit concerned with ADP security, which was 
established in October 1969 by reallocation of positions within 
OS, currently has a staff of three professionals and one clerical. 
In order to augment the effort, this unit will be expanded by the 
addition of three professional positions, including a GS-14 from the 
Special Security Center and a GS-12 engineer position from the OS 
Technical Division. Additionally, OS and OCS are agreed that it is 
necessary to obtain a professionally trained systems programmer as 
part of this security team; the Director of Security will attempt to 
fill this position at the GS-13 level on a contract basis which is 
being provided for from within the Directorate ceiling. 


b. The OS ADP security unit, which is now a part of the Executive 
Staff, will be transferred to the Physical Security Division where, in 
order to provide proper recognition and authority, the head of the unit 
will be designated as Deputy Chief, Physical Security Division for 
Computer RECUEIEY: 
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c. The Director of Security also plans, Starting in this Fiscal Year, 
to increase the use of industrial specialists in order to obtain expert 
advice on particular ADP security problems and equipments. I propose 
to handle the financial adjustments for this increase and the contract 
position salary when the OS budget for FY 1971 is finalized. 


The Director of Security has also undertaken a review of his responsibilities 
in the ADP security field vis-a-vis computer operating and using components. 
i These responsibilities can be Summarized as follows: 


a. Developing and publishing uniform security policy and standards 
for maintaining the security of Agency computer and related information 
processing operations; 


b. Directing a coordinated Agency program toward the identification 
and resolution of security problems involved in the use of computers and 
other modern techniques in the processing of official data; 


c. Providing Agency computer components and users guidance 
in the handling of security problems posed by such operations; 


d. Conducting security audits of Agency computer systems used 
for the processing of official data in order to insure uniform application 
of computer security policy and to test and evaluate systems as to their 
security merit; and, ; 

e. Providing Agency support to computer security efforts within 
the USIB community where the Agency has an assigned responsibility 

_or where it is requested to provide assistance. . 


The coordinated ADP security program referred to above (b) should 
facilitate bringing together the efforts of the various Agency components with 
problems and interests in this field, including OS, OCS and ORD, as well as 
other computer operating and using elements. 


In sum, I would note that, given the rapid changes in ADP technology 
and the unknowns concerning security in this field, it does not appear that ADP 
security objectives can be attained easily or quickly. The steps outlined above 
‘should, however, increase and sharpen our ADP Security effort and I would 
-hope to make progress toward the Security goals discussed in the Inspector 
General's report." 
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